Skip to content

Commit f93e581

Browse files
a-bjoaopapereira
a-b
and
joaopapereira
committed
Switch test environments to cfd bosh lites [main] (cloudfoundry#3262)
* Switch environment to cfd-bosh-lite * Turn off set_kernel_parameters to use cfd-bosh-lite * Expose shepherd configuration via repo variables * Update secrets path to bosh-lite * Expose TEST_FLAKE_ATTEMPTS and TEST_NODES * Set default FLAKE_ATTEMPTS * Bump gha test suit timeout from 60 to 120m * Enter nodes as workflow_dispatch input * Skip steps if SHEPHERD_LEASE_ID defined * Skip scaling tests that are testing CAPI * bosh-light environment default memory is 256Mb * Fixed the issue with force update of bosh * Delete created orgs during tests * Ensure that the orgName is empty for each test * Prevent double deletion of org * Lower number of tests running using client credentials to avoid flakes * Allow user to define namespace of the leased environment * Pass namespace of the lease to the reusable workflow Co-authored-by: João Pereira <[email protected]>
1 parent 6773b07 commit f93e581

26 files changed

+255
-76
lines changed

.github/ops-files/diego-cell-instances.yml

+4
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,7 @@
22
- type: replace
33
path: /instance_groups/name=diego-cell/instances
44
value: 4
5+
6+
- type: replace
7+
path: /instance_groups/name=isolated-diego-cell/jobs/name=rep/properties?/set_kernel_parameters
8+
value: false

.github/workflows/tests-integration-reusable.yml

+33-23
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
# secrets.CLIENT_SECRET
44
# secrets.GITHUB_TOKEN
55
# secrets.SHEPHERD_SERVICE_ACCOUNT_TOKEN
6-
# vars.SHEPHERD_POOL_NAME
6+
# vars.TEST_FLAKE_ATTEMPTS
77

88
name: "pvt: run integration tests"
99

@@ -22,17 +22,29 @@ on:
2222
lease-id:
2323
required: true
2424
type: string
25+
lease-namespace:
26+
required: false
27+
type: string
28+
default: 'tas-devex'
2529
gitRef:
2630
type: string
2731
default: ${{github.event.workflow_run.head_sha}}
28-
32+
nodes:
33+
type: string
34+
default: "16"
35+
36+
env:
37+
NODES: ${{ inputs.nodes }}
38+
FLAKE_ATTEMPTS: ${{ vars.TEST_FLAKE_ATTEMPTS || '4' }}
39+
2940
jobs:
3041
run-integration-tests:
3142
defaults:
3243
run:
3344
shell: bash
34-
runs-on: ${{ inputs.os }}
45+
runs-on: ${{ inputs.os }}
3546
container: us-west2-docker.pkg.dev/shepherd-268822/shepherd2/concourse-resource:latest
47+
timeout-minutes: 120
3648
steps:
3749
- name: Checkout cli
3850
uses: actions/checkout@v4
@@ -61,7 +73,9 @@ jobs:
6173

6274
- name: Install Tools
6375
env:
64-
account_token: ${{ secrets.SHEPHERD_SERVICE_ACCOUNT_TOKEN }}
76+
account_token: ${{ secrets.SHEPHERD_SERVICE_ACCOUNT_TOKEN }}
77+
lease_namespace: ${{ inputs.lease-namespace }}
78+
lease_id: ${{ inputs.lease-id }}
6579
run: |
6680
go version
6781
@@ -95,23 +109,23 @@ jobs:
95109
apt-get install -y build-essential unzip
96110
97111
shepherd login service-account ${account_token}
98-
shepherd get lease ${{ inputs.lease-id }} --namespace tas-devex --json | jq .output > metadata.json
112+
shepherd get lease ${lease_id} --namespace ${lease_namespace} --json | jq .output > metadata.json
99113
100114
- name: Add CATS config
101115
if: ${{ inputs.name == 'cats' }}
102116
run: |
103117
set -eu
104118
105-
ENV=$(jq -r .name metadata.json)
119+
env_name=$(jq -r .name metadata.json)
106120
API="$(jq -r .cf.api_url metadata.json)"
107121
DOMAIN=$(echo $API | sed "s/^api\.//")
108122
CF_INT_USERNAME="admin"
109123
110-
jq -r .bosh.jumpbox_private_key metadata.json > /tmp/${ENV}.priv
124+
jq -r .bosh.jumpbox_private_key metadata.json > /tmp/${env_name}.priv
111125
eval "$(bbl print-env --metadata-file ./metadata.json)"
112126
113127
credhub login
114-
CF_INT_PASSWORD=$(credhub get -n /bosh-$ENV/cf/cf_admin_password | bosh interpolate --path /value -)
128+
CF_INT_PASSWORD=$(credhub get -n /bosh-lite/cf/cf_admin_password | bosh interpolate --path /value -)
115129
116130
cat << EOF | jq -S . > cats_config.json
117131
{
@@ -185,26 +199,24 @@ jobs:
185199
--keep-going \
186200
--randomize-all \
187201
--skip-package=helpers \
188-
--nodes="12" \
189-
--flake-attempts=2 \
202+
--nodes="${NODES}" \
203+
--flake-attempts=${FLAKE_ATTEMPTS} \
190204
--timeout="2h" \
191205
--no-color
192206
193207
- name: Run Integration Tests
194208
if: ${{ !inputs.run-with-client-creds && inputs.name != 'cats' }}
195209
run: |
196-
ENV=$(cat metadata.json | jq -r '.name')
197-
jq -r .bosh.jumpbox_private_key metadata.json > /tmp/${ENV}.priv
210+
env_name=$(cat metadata.json | jq -r '.name')
211+
jq -r .bosh.jumpbox_private_key metadata.json > /tmp/${env_name}.priv
198212
eval "$(bbl print-env --metadata-file ./metadata.json)"
199-
export CF_INT_PASSWORD="$(credhub get -n /bosh-$ENV/cf/cf_admin_password | bosh interpolate --path /value -)"
213+
export CF_INT_PASSWORD="$(credhub get -n /bosh-lite/cf/cf_admin_password | bosh interpolate --path /value -)"
200214
export CF_INT_OIDC_USERNAME="admin-oidc"
201-
export CF_INT_OIDC_PASSWORD=$(credhub get -n /bosh-$ENV/cf/uaa_oidc_admin_password | bosh interpolate --path /value -)
215+
export CF_INT_OIDC_PASSWORD=$(credhub get -n /bosh-lite/cf/uaa_oidc_admin_password | bosh interpolate --path /value -)
202216
API_URL="$(jq -r .cf.api_url metadata.json)"
203217
export CF_INT_API="https://$API_URL"
204218
export CF_DIAL_TIMEOUT=15
205219
export CF_USERNAME=admin
206-
export FLAKE_ATTEMPTS=2
207-
export NODES=16
208220
export GOPATH=$PWD/go
209221
export PATH="$GOPATH/bin:$PATH"
210222
export PATH="$PWD/out:$PATH"
@@ -224,18 +236,16 @@ jobs:
224236
CF_INT_CLIENT_ID: 'potato-face'
225237
CF_INT_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
226238
run: |
227-
ENV=$(cat metadata.json | jq -r '.name')
228-
jq -r .bosh.jumpbox_private_key metadata.json > /tmp/${ENV}.priv
239+
env_name=$(cat metadata.json | jq -r '.name')
240+
jq -r .bosh.jumpbox_private_key metadata.json > /tmp/${env_name}.priv
229241
eval "$(bbl print-env --metadata-file ./metadata.json)"
230-
export CF_INT_PASSWORD="$(credhub get -n /bosh-$ENV/cf/cf_admin_password | bosh interpolate --path /value -)"
242+
export CF_INT_PASSWORD="$(credhub get -n /bosh-lite/cf/cf_admin_password | bosh interpolate --path /value -)"
231243
export CF_INT_OIDC_USERNAME="admin-oidc"
232-
export CF_INT_OIDC_PASSWORD=$(credhub get -n /bosh-$ENV/cf/uaa_oidc_admin_password | bosh interpolate --path /value -)
244+
export CF_INT_OIDC_PASSWORD=$(credhub get -n /bosh-lite/cf/uaa_oidc_admin_password | bosh interpolate --path /value -)
233245
API_URL="$(jq -r .cf.api_url metadata.json)"
234246
export CF_INT_API="https://$API_URL"
235247
export CF_DIAL_TIMEOUT=15
236248
export CF_USERNAME=admin
237-
export FLAKE_ATTEMPTS=2
238-
export NODES=16
239249
export GOPATH=$PWD/go
240250
export PATH="$GOPATH/bin:$PATH"
241251
export PATH="$PWD/out:$PATH"
@@ -247,4 +257,4 @@ jobs:
247257
cf api ${CF_INT_API} --skip-ssl-validation
248258
cf auth
249259
250-
make integration-tests-full-ci
260+
make integration-tests-ci-client-creds

.github/workflows/tests-integration.yml

+100-15
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,14 @@
1+
# GitHub repo level Secrets and Variables
2+
3+
# secrets.CLIENT_SECRET
4+
# secrets.SHEPHERD_SERVICE_ACCOUNT_TOKEN
5+
# vars.CAPI_RELEASE_VERSION
6+
# vars.SHEPHERD_LEASE_DURATION
7+
# vars.SHEPHERD_LEASE_NAMESPACE
8+
# vars.SHEPHERD_TEMPLATE_ARGUMENT
9+
# vars.SHEPHERD_TEMPLATE_NAME
10+
# vars.SHEPHERD_TEMPLATE_NAMESPACE
11+
112
name: "Tests: Integration"
213

314
run-name: "Integration [${{ github.event_name }}: ${{ github.event.pull_request.head.sha || github.event.push.after || github.event.workflow_run.head_sha}}]: ${{ github.event.workflow_run.head_commit.message }}"
@@ -14,6 +25,30 @@ on:
1425
- run-integration-tests-cf-env
1526
- run-integration-tests-cf-env-with-client-creds
1627
- run-cats-cf-env
28+
nodes:
29+
description: Number of test nodes
30+
required: false
31+
type: string
32+
default: "12"
33+
lease_id:
34+
description: Pre-provisioned environment lease-id to use in tests
35+
required: false
36+
type: string
37+
lease_namespace:
38+
description: Pre-provisioned environment lease namespace to use in tests
39+
required: false
40+
type: string
41+
run_unit_tests:
42+
description: Run unit tests
43+
required: false
44+
type: boolean
45+
default: true
46+
reinstall_cfd:
47+
description: Force re-installation of CFD
48+
required: false
49+
type: boolean
50+
default: true
51+
1752
push:
1853
tags:
1954
- "v8.*"
@@ -31,7 +66,12 @@ on:
3166
- ".grype.yaml"
3267
- ".git*"
3368
- ".golangci.json"
69+
70+
env:
71+
SHEPHERD_LEASE_ID: ${{ inputs.lease_id }}
72+
3473
jobs:
74+
3575
get-sha:
3676
runs-on: ubuntu-latest
3777
outputs:
@@ -57,14 +97,17 @@ jobs:
5797
steps:
5898
- name: Checkout
5999
uses: actions/checkout@v4
100+
if: ${{ inputs.run_unit_tests == 'true' }}
60101
with:
61102
ref: ${{needs.get-sha.outputs.gitRef}}
62103
- name: Set Up Go
63104
uses: actions/setup-go@v5
105+
if: ${{ inputs.run_unit_tests == 'true' }}
64106
with:
65107
go-version-file: go.mod
66108
check-latest: true
67109
- name: Run Units
110+
if: ${{ inputs.run_unit_tests == 'true' }}
68111
run: make units
69112

70113
claim-env:
@@ -88,23 +131,57 @@ jobs:
88131
- name: claim
89132
id: claim
90133
env:
91-
account_token: ${{ secrets.SHEPHERD_SERVICE_ACCOUNT_TOKEN }}
92-
pool_name: ${{ vars.SHEPHERD_POOL_NAME }}
93-
pool_namespace: official
134+
account_token: ${{ secrets.SHEPHERD_SERVICE_ACCOUNT_TOKEN }}
135+
template_argument: ${{ vars.SHEPHERD_TEMPLATE_ARGUMENT }}
136+
template_name: ${{ vars.SHEPHERD_TEMPLATE_NAME || '[email protected]' }}
137+
template_namespace: ${{ vars.SHEPHERD_TEMPLATE_NAMESPACE || 'official' }}
138+
lease_duration: ${{ vars.SHEPHERD_LEASE_DURATION || '8h' }}
139+
lease_namespace: ${{ inputs.lease_namespace || vars.SHEPHERD_LEASE_NAMESPACE || 'tas-devex' }}
94140
run: |
95141
shepherd login service-account ${account_token}
96142
97-
echo "shepherd create lease --duration 8h --pool ${pool_name} --pool-namespace ${pool_namespace} --namespace tas-devex --description 'CLI GHA'"
98-
lease_id=$(shepherd create lease --duration 8h --pool ${pool_name} --pool-namespace ${pool_namespace} --namespace tas-devex --json | jq -r .id)
99-
143+
if [[ -z $SHEPHERD_LEASE_ID ]]; then
144+
145+
if [ -z "$template_argument" ]; then
146+
export template_argument='{"gcp_region": "us-west2",
147+
"vm_type": "n1-standard-8",
148+
"root_disk_gb": 32,
149+
"disk_pool_gb": 150,
150+
"cfd_version": "",
151+
"additional_opsfiles_b64": ""}'
152+
fi
153+
154+
lease_id=$( shepherd create lease \
155+
--template-argument "$template_argument" \
156+
--template-namespace "${template_namespace}" \
157+
--template "${template_name}" \
158+
--namespace "${lease_namespace}" \
159+
--duration "${lease_duration}" \
160+
--description "Claimed by CF CLI workflow ${{ github.workflow_run.url }}" \
161+
--json \
162+
| jq -r .id
163+
)
164+
else
165+
lease_id=$SHEPHERD_LEASE_ID
166+
fi
167+
168+
echo "Shepherd lease ID: ${lease_id}"
169+
100170
# Give sometime for the lease to complete. Shepherd may take upto an 3 hours to create an env
101171
# if the pool is empty.
102172
count=0
103173
while [ $count -lt 360 ] ; do
104174
sleep 30
105-
status=$(shepherd get lease ${lease_id} --namespace tas-devex --json | jq -r .status)
175+
status=$( shepherd get lease ${lease_id} \
176+
--namespace ${lease_namespace} \
177+
--json \
178+
| jq -r .status
179+
)
106180
if [ $status == "LEASED" ] ; then
107-
shepherd get lease ${lease_id} --namespace tas-devex --json | jq .output > metadata.json
181+
shepherd get lease ${lease_id} \
182+
--namespace ${lease_namespace} \
183+
--json \
184+
| jq .output > metadata.json
108185
break
109186
elif [ $status == "FAILED" -o $status == "EXPIRED" ] ; then
110187
echo "There was an error obtaining the lease. Lease status is ${status}."
@@ -119,7 +196,7 @@ jobs:
119196
echo "env name is ${env_name}"
120197
echo "leaseid=${lease_id}" >> "${GITHUB_OUTPUT}"
121198
122-
cf_deployment_version=$(jq -r '."cf-deployment_version"' metadata.json)
199+
cf_deployment_version=$(jq -r '."cf_deployment_version"' metadata.json)
123200
echo "cf_deployment_version is ${cf_deployment_version}"
124201
echo "cf_deployment_version=${cf_deployment_version}" >> "${GITHUB_OUTPUT}"
125202
@@ -130,6 +207,7 @@ jobs:
130207
check-latest: true
131208

132209
- name: Install Tools
210+
if: ${{ (inputs.lease_id == '') || (inputs.reinstall_cfd == true) }}
133211
run: |
134212
go version
135213
@@ -149,11 +227,11 @@ jobs:
149227
apt-get install -y build-essential unzip
150228

151229
- name: Upload latest CAPI release
230+
if: ${{ (inputs.lease_id == '') || (inputs.reinstall_cfd == true) }}
152231
env:
153232
capi_release_version: ${{ vars.CAPI_RELEASE_VERSION }}
154233
run: |
155-
if [ -z "$capi_release_version" ]
156-
then
234+
if [ -z "$capi_release_version" ]; then
157235
capi_release_version=$(curl -s https://api.github.com/repos/cloudfoundry/capi-release/releases/latest | jq -r .tag_name)
158236
fi
159237
@@ -166,19 +244,20 @@ jobs:
166244
bosh upload-release "https://bosh.io/d/github.com/cloudfoundry/capi-release?v=$capi_release_version"
167245
168246
- name: Checkout cf-deployment
247+
if: ${{ (inputs.lease_id == '') || (inputs.reinstall_cfd == true) }}
169248
uses: actions/checkout@v4
170249
with:
171250
repository: cloudfoundry/cf-deployment
172251
path: cf-deployment
173252
ref: ${{steps.claim.outputs.cf_deployment_version}}
174253

175254
- name: Deploy Isolation Segment and OIDC Provider
255+
if: ${{ (inputs.lease_id == '') || (inputs.reinstall_cfd == true) }}
176256
run: |
177257
env_name=$(jq -r .name metadata.json)
178258
jq -r .bosh.jumpbox_private_key metadata.json > /tmp/${env_name}.priv
179259
eval "$(bbl print-env --metadata-file metadata.json)"
180260
181-
# deploy
182261
bosh -d cf manifest > /tmp/manifest.yml
183262
bosh interpolate /tmp/manifest.yml \
184263
-o cf-deployment/operations/use-internal-lookup-for-route-services.yml \
@@ -208,6 +287,8 @@ jobs:
208287
name: Integration
209288
gitRef: ${{needs.get-sha.outputs.gitRef}}
210289
lease-id: ${{ needs.claim-env.outputs.leaseid }}
290+
lease-namespace: ${{ inputs.lease_namespace || vars.SHEPHERD_LEASE_NAMESPACE || 'tas-devex' }}
291+
nodes: ${{ inputs.nodes }}
211292
secrets: inherit
212293

213294
run-integration-tests-cf-env-with-client-creds:
@@ -224,6 +305,7 @@ jobs:
224305
name: Integration client creds
225306
gitRef: ${{needs.get-sha.outputs.gitRef}}
226307
lease-id: ${{ needs.claim-env.outputs.leaseid }}
308+
lease-namespace: ${{ inputs.lease_namespace || vars.SHEPHERD_LEASE_NAMESPACE || 'tas-devex' }}
227309
secrets: inherit
228310

229311
run-cats-cf-env:
@@ -241,21 +323,24 @@ jobs:
241323
name: cats
242324
gitRef: ${{needs.get-sha.outputs.gitRef}}
243325
lease-id: ${{ needs.claim-env.outputs.leaseid }}
326+
lease-namespace: ${{ inputs.lease_namespace || vars.SHEPHERD_LEASE_NAMESPACE || 'tas-devex' }}
244327
secrets: inherit
245328

246329
unclaim-env:
247330
name: Unclaim environment
331+
if: ${{ inputs.lease_id == '' }}
248332
runs-on: ubuntu-latest
249333
container: us-west2-docker.pkg.dev/shepherd-268822/shepherd2/concourse-resource:latest
250334
needs:
251335
- claim-env
252336
- run-cats-cf-env
253-
if: always()
254337
steps:
255338
- name: unclaim
256339
env:
257-
account_token: ${{ secrets.SHEPHERD_SERVICE_ACCOUNT_TOKEN }}
340+
account_token: ${{ secrets.SHEPHERD_SERVICE_ACCOUNT_TOKEN }}
341+
lease_namespace: ${{ inputs.lease_namespace || vars.SHEPHERD_LEASE_NAMESPACE || 'tas-devex' }}
258342
run: |
259343
shepherd login service-account ${account_token}
260344
set -x
261-
shepherd delete lease ${{ needs.claim-env.outputs.leaseid }} --namespace tas-devex
345+
shepherd delete lease ${{ needs.claim-env.outputs.leaseid }} \
346+
--namespace ${lease_namespace}

.gitignore

+2
Original file line numberDiff line numberDiff line change
@@ -68,3 +68,5 @@ integration/assets/test_plugin/test_plugin
6868

6969
### VisualStudioCode ###
7070
.vscode
71+
.secrets
72+
.vars

0 commit comments

Comments
 (0)